newsyslog(8): Reject configurations that specify setuid or executable logs

Prevent some classes of foot-shooting that may result in permissions problems. Reviewed by: dab, delphij, vangyzen (earlier version) Relnotes: yes (behavior change) Sponsored by: Dell EMC Isilon Differential Revision: D16831
svn path=/head/; revision=338165
2018-08-21 23:12:46 +00:00 · 2018-08-21 23:12:46 +00:00 · c657f9385b · 2020-12-20 02:59:44 +00:00
commit c657f9385b
parent 1465a1e1eb
2 changed files with 12 additions and 1 deletions
--- a/usr.sbin/newsyslog/newsyslog.c
+++ b/usr.sbin/newsyslog/newsyslog.c
@ -1193,6 +1193,12 @@ parse_file(FILE *cf, struct cflist *work_p, struct cflist *glob_p,
 		if (!sscanf(q, "%o", &working->permissions))
 			errx(1, "error in config file; bad permissions:\n%s",
 			    errline);
+		if ((working->permissions & ~DEFFILEMODE) != 0) {
+			warnx("File mode bits 0%o changed to 0%o in line:\n%s",
+			    working->permissions,
+			    working->permissions & DEFFILEMODE, errline);
+			working->permissions &= DEFFILEMODE;
+		}

 		q = parse = missing_field(sob(parse + 1), errline);
 		parse = son(parse);
--- a/usr.sbin/newsyslog/newsyslog.conf.5
+++ b/usr.sbin/newsyslog/newsyslog.conf.5
@ -21,7 +21,7 @@
 .\" the suitability of this software for any purpose.  It is
 .\" provided "as is" without express or implied warranty.
 .\"
-.Dd January 15, 2018
+.Dd August 21, 2018
 .Dt NEWSYSLOG.CONF 5
 .Os
 .Sh NAME
@ -96,6 +96,11 @@ or
 .Pa /etc/group .
 .It Ar mode
 Specify the file mode of the log file and archives.
+Valid mode bits are
+.Dv 0666 .
+(That is, read and write permissions for the rotated log may be specified for
+the owner, group, and others.)
+All other mode bits are ignored.
 .It Ar count
 Specify the maximum number of archive files which may exist.
 This does not consider the current log file.